[Haskell-cafe] random library

dominic at steinitz.org dominic at steinitz.org
Wed Oct 11 12:50:49 UTC 2017

No-one should be using the de facto random package. It is slow and produces surprising results.

I think one of the posters suggested using mwc-random and splitting by using a different seed. Although mwc-random has reasonably good properties, there is no guarantee about how correlated the various streams of random numbers will be. QuickCheck uses tf-random to avoid such problems. There is also a version of SplitMix https://hackage.haskell.org/package/splitmix <https://hackage.haskell.org/package/splitmix> but I don’t think this has been heavily road-tested.

But in this case, cryptographically secure randomness is required so I would follow Thomas’ suggestion.

PS I just noticed my spellchecker changed defacto to defect! Perhaps AI is taking over.

> All,
> Interesting library! Here's a link: http://hackage.haskell.org/package/DRBG-0.5.5/docs/Crypto-Random-DRBG.html <http://hackage.haskell.org/package/DRBG-0.5.5/docs/Crypto-Random-DRBG.html>
> Thomas,
> In the linked docs, there's a claim that Hash DRBG is the fastest cryptographically secure RNG on Hackage. Do you have a link to the benchmark results, or perhaps some updated ones? Unlike Viktor, I'm interested in less secure applications, but if the performance is good, it might be worth switching from the defacto random package.
> Thanks,
> Jonathan
> On October 10, 2017 10:23:14 PM CDT, Thomas DuBuisson <thomas.dubuisson at gmail.com <mailto:thomas.dubuisson at gmail.com>> wrote:
>> The hash drbg from the drbg package should meet your needs.
>> Deterministic,
>> pure Haskell except the actual hash function.
>> On Oct 10, 2017 8:13 PM, "Viktor Dukhovni" <ietf-dane at dukhovni.org <mailto:ietf-dane at dukhovni.org>>
>> wrote:
>>>> On Oct 10, 2017, at 8:48 PM, Kazu Yamamoto (山本和彦) <kazu at iij.ad.jp <mailto:kazu at iij.ad.jp>>
>>> wrote:
>>>> Before the release, I would like to replace the random package
>> since
>>>> it is slow.  I'm looking for a random library which is
>>>> - fast
>>>> - thread-safe (good for concurrent use)
>>>> Any recommendations?
>>> Just to make it more interesting, I should mention that the RNG
>>> should be not just statistically random, but should in fact be
>>> crypto random (resist predictability through cryptanalysis when
>>> properly seeded).
>>> So indeed there are two more issues here:
>>> - Securely seeding the RNG (likely using the OS API for
>>>  random seeds, and/or the RDSEED/RDRAND instructions on
>>>  Intel CPUs), IIRC we can that from cryptonite, I hope
>>>  at a reasonable cost.
>>> - Choosing a suitable DRBG based on the seed.  Likely again
>>>  something from cryptonite.
>>> Some time back I posted to the cryptography list about the
>>> soundness of relying on RDRAND in cryptonite's RNG (uses
>>> it instead of /dev/urandom and the like when available).
>>> The rough consensus IIRC was not rely solely on RDRAND.
>>> I never went back to write a PR to address that...
>>> http://www.metzdowd.com/pipermail/cryptography/2016- <http://www.metzdowd.com/pipermail/cryptography/2016->
>>> November/thread.html#30859
>>> --
>>>       Viktor.
Dominic Steinitz
dominic at steinitz.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20171011/1b0f869e/attachment.html>

More information about the Haskell-Cafe mailing list